-1

So I'm working on a project where I need to encrypt the data the user is gonna enter on the website... I don't want to use the SHA1 or any other encryption method, since they are one-way encryption and I need to manipulate the data on the server side (I'm not storing the user data). Can anybody suggest some good methodologies by which I can achieve this?

Is Public Key Encryption gonna work ? If yes, which one should I use ? Or should I design a new algo ?

I'm working on Java.

It would be really great if someone could point me to some resources for their answer or give me totally new and awesome idea ... :D

\m/ \m/

Does anybody know how many different types of hashing algos are commonly used ... ???

  • 4
    You mean you don't want to use a *hashing* algorithm. You *do* want to use "any other encryption method" - but you should **absolutely not** try to design your own encryption algorithm. There are plenty of standard ones available, and you should do some research to work out the pros and cons of each. Designing a good encryption algorithm is the job of security professionals. You *will* end up with something inferior if you do it yourself. – Jon Skeet Jun 28 '12 at 16:51
  • I can use hashing algo ... but it would increase a lot of work on JS and also on Server side ... – Hitesh Patwari Jun 28 '12 at 19:40
  • @HiteshPatwari, there is no scheme to encrypt user data that is going to get around that issue if you're trying to do it in the client-side js! That's why SSL is your friend here! – Ben Jun 28 '12 at 20:00
  • If you need to decrypt the data then you *can't* use a hashing algorithm. You need to use a two-way encryption algorithm. – Jon Skeet Jun 28 '12 at 20:32

2 Answers

1

Are you certain you don't want to transmit the data over https? That would protect the data (via well-understood public key encryption) in transit, and then you don't have to mess with trying to run an extra encryption scheme in your client-side code. What is the use case here?

Ben
  • Agreed, if you are simply wanting to encrypt the traffic between the web server and client then SSL is definitely the way to go. It will protect traffic in both directions, and is something standard that will work in all modern browsers. Plus, once it is configured on the web server you don't have to worry about encryption on a per-page basis. It will happen automatically. – Michael Jun 28 '12 at 18:24
  • Yeah the traffic would be over HTTPS ... but giving the user the feeling that we are sending the data in plaintext in the URL is not a good way ... – Hitesh Patwari Jun 28 '12 at 19:42
  • If you're worried about protecting user input data, don't put it in the URL in any case. It really sounds like the right solution here is to use HTTPS POST. I certainly understand that users can be ignorant about security issues and make illogical demands, but you'll be better off informing them that their data are secured to industry standards than you would be home-rolling some encryption scheme. That'll almost certainly end up compromising security rather than improving it. – Ben Jun 28 '12 at 19:59
0

You should head to http://www.bouncycastle.org/ . You'll find all the info you need, and also some background on hashing/encryption/signing, because you seem to be a bit puzzled about those terms. (no offense)

Gergely Szilagyi